Empower the AML Officer

Empower the AML Officer

Someone recently asked me "if you had one wish (in the AML world), what would you fix?" ... and then a few days later someone else asked me, over drinks and world-problem solving, "what is your biggest green flag that you look for when vetting banks and fintechs?” Funny enough, the answer was pretty much the same:

Executive authority within the AML Officer function

Eight years ago in my mission to operationalize AML/Sanctions threats and provide actionable solutions for global clients, I wrote about the illusion of authority. Encouraging banks to be serious about their culture of compliance. The illusion is still happening. I get calls daily from AML Officers (please stop calling them BSA Officers) telling me that their boss's boss did not approve their simple ask for an extra half FTE (full-time equivalent) employee. Insanity. And crazy enough, we have weekly consent orders and failing bank/fintech partnerships happening daily. I wonder why.

Want to ensure your bank or credit union is doing what it needs to do with regard to AML compliance? Give actual (not the illusion of) authority to the AML Officer.

This is what it looks like:

  • It shouldn't be a closet move. Take a note from Rabobank - list the executive in charge on the bank’s “ABOUT US/LEADERSHIP” page.
  • Don't bury the AML Officer. It shouldn't be CRO > Compliance Officer > AML Officer. And it shouldn't even be Compliance Officer > AML Officer. It should be AML Officer.

Want to attract and keep a good bank partner as a regulated fintech? Have an AML Officer as a separate and distinct person and with different areas of responsibility from general compliance issues. At a fintech, this is what it looks like:

  • Don't bury the AML Officer (sound familiar?) Again, it shouldn't be CRO > Compliance Officer > AML Officer. And it shouldn't even be Compliance Officer > AML Officer. It should be AML Officer.

And yes, this applies to all types of fintechs. Just a start-up? That's ok. Don't bury your AML expert (not yet Officer). Don't try and save money and hire a compliance person "that's also AML". It doesn't work.

Not to give away too much of the secret sauce, but the best indicators for me of a treasure trove of AML and Sanctions deficiencies within any type of institution – traditional FI or fintech – are:

  1. Can I find their AML Officer (not compliance officer) listed on their website? If not, Buckle up! Could be bracing for some issues.
  2. Is their compliance officer also their AML Officer? If yes, Bullseye! That FI will be an easy target for regulatory criticism.

If you are on the board of a bank, fintech, or a venture capitalist investing in fintechs - look for those indicators. As a VC, you can guarantee your investors a lower ROI if they have either of those vulnerabilities.

Many bank consent orders over the last year or so mandate a baseline standard of "executive authority" for the AML Officer. It truly is one of the biggest changes that has the highest level of impact on the effectiveness of an AML/Sanctions program.


Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Documentary Credit World.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.